In recent years, CE (Consumer Electronics) devices have become increasingly popular. CE devices include audio and visual devices, such as video cassette recorders, hard disk recorders, stereos, and television sets; electronic apparatuses, such as personal computers, digital cameras, camcorders, PDAs, video game machines, and home routers; household appliances, such as rice cookers and refrigerators; and other electronic apparatuses that incorporate computers in order to use services via networks.
Users of CE devices can use services provided by servers, for example by accessing a server to download content from it.
Some services provided by servers can be accessed by any CE device, whereas other services can be accessed only by particular CE devices that have acquired device authentication.
When a server is to provide a CE device with a service that requires device authentication, the server authenticates the CE device by means of an authentication server, and provides a service only when the CE device is authenticated.
An invention related to a service server that provides a service to a terminal device in this manner is described in the following document.
Patent Document 1: Japanese Unexamined Patent Application Publication No. 2002-342285
According to this invention, when a request for authentication is made by a terminal device (mobile phone), the terminal device is authenticated and a one-time password is issued and transmitted to the terminal device. When the terminal device makes a request for information, the one-time password is received from the terminal device to verify that the authenticated device is indeed this terminal device.
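The one-time-password flow described above can be sketched as follows. This is an added example, not code from Patent Document 1 or from the present document; the names `AuthServer`, `register`, `authenticate`, `redeem` and `serve_request`, the 60-second lifetime and the PBKDF2 storage of pass-phrases are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

def _kdf(passphrase: str, salt: bytes) -> bytes:
    # Assumption: pass-phrases are stored as salted PBKDF2 hashes, never as plain text.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

class AuthServer:
    """Hypothetical authentication server that issues one-time passwords."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self._devices = {}  # device ID -> (salt, pass-phrase hash)
        self._issued = {}   # SHA-256(one-time password) -> (device ID, expiry)
        self._ttl = ttl_seconds
        self._clock = clock

    def register(self, device_id: str, passphrase: str) -> None:
        salt = secrets.token_bytes(16)
        self._devices[device_id] = (salt, _kdf(passphrase, salt))

    def authenticate(self, device_id: str, passphrase: str):
        """Device authentication: return a one-time password, or None on failure."""
        # Unknown IDs take the same code path as known ones and always fail.
        salt, stored = self._devices.get(device_id, (b"\0" * 16, b""))
        if not hmac.compare_digest(_kdf(passphrase, salt), stored):
            return None
        otp = secrets.token_urlsafe(32)
        key = hashlib.sha256(otp.encode()).digest()
        self._issued[key] = (device_id, self._clock() + self._ttl)
        return otp

    def redeem(self, device_id: str, otp: str) -> bool:
        """Called by the service server when the device requests information."""
        # pop() consumes the password on first presentation, so a replay fails.
        entry = self._issued.pop(hashlib.sha256(otp.encode()).digest(), None)
        if entry is None:
            return False
        issued_to, expiry = entry
        return issued_to == device_id and self._clock() <= expiry

def serve_request(auth: AuthServer, device_id: str, otp: str):
    """Service server: provide the service only when the password checks out."""
    return "content" if auth.redeem(device_id, otp) else None
```

A password presented with the wrong device ID is still consumed, so the check fails closed rather than leaving the password available for another attempt.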
FIG. 12 is a diagram showing the structure of a known CE device 101. The CE device 101 not only stores authentication information required for authentication, such as a device ID and a pass-phrase, but also includes a device authentication module 103 for performing processing related to device authentication and an encryption module 104 for receiving authentication information from the device authentication module 103 and encrypting a communication pathway to transmit the authentication information to a device authenticator 105.
Since the device authentication module 103 passes authentication information to the encryption module 104 as plain text, the device authentication module 103 and the encryption module 104 are coupled with a static link to prevent a third party from reading this authentication information.
The module for encrypting the communication pathway is often used for purposes other than device authentication. However, since the encryption module 104 is connected to the device authentication module 103 with a static link, the CE device 101 must include another encryption module for purposes other than device authentication. As a result, two encryption modules having the same function must be implemented in the memory of the CE device 101. In other words, the effective size of the device authentication module becomes large, which reduces the available memory area of the CE device 101 or makes it difficult to implement the device authentication function itself.
In view of the situation described above, an object of the present invention is to provide a terminal authentication system that can realize a device authentication function where the memory in a terminal device can be used more effectively.